A new phishing scam is using authentic-looking emails to trick Paypal customers into compromising personal info. The emails appear to be from the electronic payment site, but redirect users to fake pages via dishonest links. How does it work? First, a registered Paypal user receives an email from the company that appears to be legit. But a closer look should identify minor spelling or punctuation errors that set off red flags. "Notice...errors in grammar and syntax that suggest the author isn맥스카지노�t a native English speaker," ESET security researcher Cameron Camp said Thursday. "That맥스카지노�s one of the clues." ESET is a 25-year-old Slovakia-based cybersecurity firm that specializes in online firewall and virus protection. If the user clicks on the (fake) login button, he or she is redirected to a Paypal page that appears trustworthy. However, one of the best ways to identify a counterfeit site is to look at its web address. "The domain has nothing to do with PayPal sites, but rather are scam URLs," Camp explained. "As with other campaigns, scammers typically use a myriad of dynamically generated domain names 맥스카지노� sometimes slight variations on the real name 맥스카지노� which is another clue that something isn맥스카지노�t right." Victims are then taken down a virtual rabbit hole of deception - each page asks for more compromising personal info under the guise of identity verification. However, subtle inconsistencies often indicate a scam. Example: The false site may ask for one's social security number, but then inquire which country he or she lives in. Social security numbers are only used in the US. How can you avoid falling victim to the scheme? First, verify the domain name of the sender. A random combination of letters and numbers instead of "paypal.com" is a dead giveaway that something's not right. Most importantly, don't click on the link in a suspicious email. Open a new browser window and go directly to Paypal's site and login. Follow @theabigailelise on Twitter.